oracle.security.crypto.fips
Class FIPS_140_2

Perfoms power-up and conditional self-tests, and manages error conditions, as mandated by the FIPS 140-2 specification.

When the crypto module is loaded, it is placed in the NOT_INITIALIZED state. When the power-up self-tests are begun, the state is set to TESTING. While the module is in either of these states, no cryptographic operations, including input or output, may be performed. User code attempting such actions will block until the power-up self-tests complete and the module is placed in either the READY state or one of several error states.

If any of the power-up self-tests fail, the module will be placed in an unrecoverable error state, and a ModuleStateException will be thrown. If all power-up self-tests complete successfully, the module state is set to READY and cryptographic operations may be performed.

Conditional self-tests are run automatically during key pair generation and random number generation. If any of these tests fails, the module is set to a recoverable error state, and a SelfTestException is thrown. A recoverable error state may be cleared using the clearModuleState() method.

While the module is in an error state, if any attempt is made to perform a cryptographic operation, including input or output, a ModuleStateException is thrown.

clearModuleState

public static void clearModuleState()

Resets the module state to NOT_INITIALIZED. This method will fail, and throw an exception, if the module is currently in an unrecoverable error state or is in the process of running the self-tests. Once the module state has been cleared, the power-up self-tests must be run before any cryptographic operations may be performed.

An unrecoverable error state is one reached as a result of failure of one of the power-up self-tests, whether run unconditionally at module load time or, optionally, by user code at any subsequent time.

A recoverable error state is one reached as a result of failure of one of the conditional self-tests. These include the testKeyPair methods and the continuous random number generation tests in the RNGTest class.